OSHI Website and Application Privacy Notice

This is the Privacy Policy for the website hosted at https://www.oshihealth.com/ (“our site”), Oshi’s IBD Tracker & Magazine mobile application (“our app”), and for other Oshi activities where we collect personal information. This site is operated by or on behalf of Oshi Health, Inc. (“we”, “us”). We are committed to protecting and respecting your privacy. After you finish your review of this policy, we will present you with an opportunity to consent to us processing your data in the ways that we describe in this policy. If you decide not to give your consent, we will delete any information that you have already provided.

For the purposes of interpreting data privacy laws and regulations in certain countries, we are the “data controller” of the personal data that is processed by our app.

When and How We Collect Your Information

To provide you with our site and our app, we use personal information that you provide to us, or that we collect automatically.

While collecting the personal data about you, we will inform you whether the requested information is obligatory or voluntary. If you choose not to provide certain information, this may impact your use of certain resources and could make it impossible for us to provide certain services to you.

This section describes when and how we collect different types of data from you. More information on why we’re collecting this information and what we use it for is provided below under the heading “How and why we use your data”:

Type of information

When it is collected

User provided

Automated collection

Contact information such as name, email address, or username

When you register an account in our app

Yes

No

Information that you provide or that you direct others to provide on your behalf in our app, such as to track your condition, or answer clinical questionnaires.

When you submit any information in our app

Yes

No

Personalized insights derived from your usage of our app, such as automated scoring data based on your questionnaire responses

Created from processing of information you provide in our app

No

Yes

Data that may identify you or provide information on how you use our app or our site, such as IP address, operating system, or geolocation information. This data may be collected through the use of cookies.

When you access or use our app or our site.

No

Yes

Data on how you use our app or our site, such as clicks, page views, or articles read. This data may be collected through the use of cookies.

When you access or use our app or our site.

No

Yes

Comments, questions or live survey responses that you post through our app.

When you post a question or comment. While we link questions and comments to a specific account in our back-end databases, any questions or comments that are publicly posted will always remain anonymous to other users.

Yes

No

Data collected from third-party integrations such as Fitbit

When you choose to enable a third-party integration.

Yes

Yes

Information that you submit to Oshi through our website, email, or social media channels, such as reviews or feedback about our app.

When you choose to provide it.

Yes

No

A note about children: Like adults, children and teens also struggle with IBD. Because we believe in our mission of providing tools to manage these conditions to as many affected individuals as possible, including younger patients, and their parents or guardians To comply with laws protecting children in the countries where we offer our app for download, we collect the age of every person who attempts to register to use our app. We prevent registration and delete all information provided by any person who, based on his or her age, is not able to provide consent based on the laws in the country where he or she is located. Under no circumstances will we knowingly collect personal data from any person under the age of 13. In countries where the age of consent is greater than 13, we will prevent registration and data collection from those individuals as well.

A note about Cookies: We may use “cookies” and other technologies to collect data that enable us to better understand and improve the usability, performance and effectiveness of our Services. For instance, we may use session cookies (which expire once you close your browser) or and persistent cookies (which stay on your mobile device until you delete them) to provide you with a more personal and interactive experience on our App. More information about our use of cookies may be found in Oshi’s Cookies Policy.

Legal Basis for processing Personal Data

We process personal data based on one or more of the following:

We may ask for your consent to collect and process your personal data. Should you choose to provide your consent, you may later withdraw your consent by contacting us as described in the “How to Reach Us” section. Please note that the withdrawal of consent will not affect processing which has already occurred.

In other instances, the processing of your personal data may be necessary in order to comply with an applicable law or regulation or for the performance of a contract to which you are subject. You may not be able to opt-out of this processing, or your choice to opt-out may impact our ability to perform a contractual obligation otherwise owed to you.

In still other instances, we may process your personal data based on our legitimate interests. For example, we may need to use personal data if we’re troubleshooting issues with, or testing improvements to our app. Any personal data that we process based on our legitimate interests will only ever be for internal purposes. Depending on those purposes, you may have the right to opt-out of such processing. You may do so by contacting us as described in the “How to Reach Us” section

How and why we use your data

Providing our app: We primarily use your data to provide you with the features, functionality, and services of our app, such as symptom tracking, scoring clinical questionnaires, personalized insights, and to customize the content that you will see through our app so that we prioritize what is most relevant to you. Over time, we may add new features and functionality to our app. If any of those updates change how your personal data is used, we will notify you of that change.

Research and Insights: We may use the data that you provide or that others submit to our App on your behalf, to create aggregated data-sets that can be used by us or others to conduct research, develop insights, and learn more about the conditions that our app is used to track. We remove all direct and indirect identifiers from these aggregated data sets. We may also share or sell this de-identified and aggregated data with partners who help us provide the App, who sponsor surveys or other content in the App, or who may provide their own services for or conduct their own research on the treatment and management of IBD or other, related conditions.

If we share aggregated data with any other individual, entity or organization, we provide that data in a format that makes it impossible to re-identify any individual that may be included in the data set. Because researching and learning more about these conditions is integral to our mission and our app, we can’t allow users to opt out of having their data de-identified or aggregated. At any time, you may contact us to let us know that you no longer consent to your personal data being used for research, but doing so will require you to stop using our app.

Improving our app: We may also use your data to design, develop, and test new features, functionality or insights, interact with feedback platforms and surveys, manage landing pages, heat map our site or our app, optimize traffic and analyze data and to conduct research. This processing may involve developing profiles and the use of machine learning and other techniques over your data, to better understand how our app works, and to make improvements based on what we find.

Marketing: We may use your data to send you emails or other messages about new features, products, services, and content. You may opt-out of these types of communications at any time by contacting us.

Sponsored Content: We may use the app to give you the opportunity to interact with content from our partners that provide products or services that may be relevant to you. Depending on the type of sponsored content, you may be asked to share your Personal Data (such as name and/or email) with the partner who provided that content. If interacting with the content requires that we share your Personal Data, we will clearly label it, identify the sponsor, and we will present you with the information that you need in order to know what data we are sharing, who it is being shared with, and what the data will be used for, and provide you with an opportunity to consent to Personal Data being shared for that purpose.

How we secure the data that we collect

We follow cloud and healthcare industry best practices to implement technical safeguards to protect your personal data, consistent with US and EU laws. We review the effectiveness of these safeguards on a regular basis, to evaluate our compliance with applicable laws and regulations. We take these precautions in an effort to protect your personal data. However, we do not guarantee that personal data may not be accessed, disclosed, altered, or destroyed as a result of a security breach. By using our app, you understand the risks of providing your personal data.

In the event of a security breach, we commit to complying with all local, state and national laws to notify you and any relevant data protection authorities, to the extent required under applicable laws.

Where we store the data that we collect

The personal data that we collect is processed by the data processing facilities operated by the third parties identified in the section labelled “With Whom We Share Your Personal Data” below. If you live outside of the United States, your data will be transferred to the United States for processing.

By submitting your personal data through our app, you agree to this transfer, storing or processing by us. If we transfer or store your information outside of your home country, we will take steps to ensure that your privacy rights continue to be protected as outlined in this Privacy Policy.

How long we store your data

We will store your data for as long as you are an active user of our app. If you close your user account, or otherwise object to our further use of your personal data, we will delete that data after 10 days. Data that was already de-identified and/or aggregated (including de-identified data that we may have shared) will not be deleted, however it will be impossible to re-identify you as the subject of that data.

With Whom We Share Your Personal Data

As a provider of internet connected app, we partner with industry-leading third parties to help host our app, communicate with customers, power our data analytics, and other important functions. Some of these third parties may be located outside of your home country and the laws of those countries may not afford your Personal Data the same level of protection. We will ensure that all adequate safeguards are in place and that all applicable laws and regulations are complied with in connection with such transfers.

We share information with these third parties to the minimum extent necessary for the functioning of our app. Any time we share data, it is done according to the safeguards and practices described in this Privacy Policy.

We may also share or sell de-identified and aggregated data with partners who help us provide the App, who sponsor surveys or other content in the App, or who may provide their own services for, or conduct their own research on, the treatment and management of IBD or other related conditions.

This section the types of activities we use service providers for, where they store the data and why they need it:

Activity

Purpose

Place of Processing

Application or Website Hosting

We work with third-party cloud hosting providers to host our app and our website, and to help us manage our cloud infrastructure in a secure and compliant manner.

US

Application Services

We work with other third-party service providers to integrate certain functionality, for example secure authentication services, into our app.

US

Monitoring and Reporting

We work with other third-party service providers to give us the ability to monitor and report internally on how our users interact with our app and our site.

US

Your privacy rights and how to contact us

Individuals in certain countries have data subject rights which may be subject to limitations and/or restrictions. You can exercise your privacy rights or send privacy related queries to us at any time by sending us an email atdataprivacyofficer@oshihealth.com. If you live in, or are located in the European Union (“EU”) you may also contact our Representative in the Union, at EUrepresentative@oshihealth.com.

If you do not live in a country where you are legally entitled to these rights, we will still respect a request from you to exercise any of these rights to the extent that we are able. This section discusses what those rights are, and what you may request:

Right to access your information – Information that you provide, and information that we derive from what you provide (such as symptom tracking or wellbeing scoring) is generally available for you to view. However, you may also ask us to provide supplementary information about:

Information about you stored in our databases that is not visible to you through our app

The categories of data that we are processing

The purposes of data processing

The categories of third-parties who we disclose data to

How long we will store data, and the criteria that we use to determine how long data will be stored

Your other rights regarding our use of data

We will provide you with the information that you have requested within one month of receiving your request. If providing you with any piece of information that you have requested would affect the rights and freedoms of another person, we won’t be able to share that piece of information. If we can’t provide a complete response to your request for information based on that reason, we will inform you. We will still provide you with all of the other information that you have requested that we are able to share.

Right to correct your information – Information that you provide through our app is generally correctable by you. However, in the event that we collect any inaccurate information about you that you are unable to correct on your own, we will correct that information. If you have a concern about the accuracy of your information, you also have a right to ask us to temporarily restrict the processing of your data, while its accuracy is verified. To ask us to restrict processing, you may contact our privacy team at dataprivacyofficer@oshihealth.com.

Right to object to certain kinds data processing – In certain circumstances, such as for marketing purposes, or if you believe your data has been recorded inaccurately, you may object to us processing your data, either temporarily, or for those purposes. To object to processing, you can contact our privacy team at dataprivacyofficer@oshihealth.com. While we evaluate your objection, you may also ask us to temporarily restrict processing of your data.

Right to your data in a portable format – We will give you an extract of your data so that you can provide it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.

Right to erasure – Our app provides you with the ability to delete data that you have submitted. Additionally, you can contact our privacy team at dataprivacyofficer@oshihealth.com to erase any personal data that we hold about you, if that data is no longer necessary for us to hold based on the purposes that we collected it for.

Right to lodge a complaint – If you have any concerns about how we are handling your data, you have a right to file a complaint with the data protection authority, or other relevant regulator, in your country. However, we are dedicated to protecting your personal data and we want to make sure you feel safe when you process it, and if you have any concerns about how we are processing your data, we would appreciate the opportunity to resolve the issue before you contact the data protection authority. You can contact our privacy team at dataprivacyofficer@oshihealth.com.

Right to withdraw your consent – At any point, you may contact us to withdraw your consent for us to collect or process your data. Because providing our app requires us to collect and process your data, and because we rely on your consent in order to collect and process your data, withdrawing your consent will require us to delete your account and suspend your access to our app.

OSHI Application Cookies Policy

This is the Cookies Policy for Oshi’s IBD Tracker & Magazine mobile application (“our app”). This app is operated by or on behalf of Oshi Health, Inc. (“we”, “us”).

What is a cookie? A cookie is a text file consisting of letters and numbers that we save in your browser or on your device. Cookies make it possible for us to recognize your device and gather information about the features of our app that you use.

How do we use cookies? Our app uses cookies for several reasons related to functionality and analysis. They help us give you a good experience as you use our app and enable us to enhance your user experience. The cookies that we use are essential for the functionality of our app.

Functional cookies Functional cookies are used to recognize you when you log into our app. They enable you to log in, and may be used to save some of your user preferences.

Performance cookies Performance cookies allow us to recognize how users interact with our app, such as what pages they view, or what functionality they access. We can then use some of those insights to improve how our app works, for example, by making it easier for you to find specific content that might be of interest to you.

Removal of cookies The cookies that we use are necessary for our app to function. For example, we use cookies to integrate with our app’s third-party authentication functionality. If these cookies are removed, we would not be able to provide the app. You may block cookies by enabling certain configuration options on your device, however doing so will prevent our app from functioning correctly.

DOWNLOAD OSHI

ABOUT OSHI HEALTH

Everybody with IBD is different. That’s why we created Oshi: a brand-new app that’s designed to help you — and your unique body — navigate life with IBD.